Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
262
Views
0
Helpful
1
Replies

A VERY STRANGE THING....

g.rodegari
Level 1
Level 1

‎06-07-2002 06:42 AM - edited ‎03-08-2019 10:53 PM

HI,

I' VE CONFIGURED A VPN LAN TO LAN FROM A PIX 506 [ VER 6.1(1) ] TO A PIX 515 [ VER 6.2(1) ].

ON THE 515 I' VE CONFIGURED THE "SYSOPT CONNECTION PERMIT-IPSEC", ON THE 506 NO! AND, CLEARLY, THE IPSEC DOESN'T WORK!

IF I PUT A "CONDUIT PERMIT IPSEC ANY ANY" ON THE 506...

THE TUNNEL WORKS WELL ! ! ! ! ! ! ! ! WHY? WHAT IS THE RELATIONSHIP BETWEEN IPSEC/IKE AND ICMP ? ? ?

NOTHING ! ,

I THINK...

THANKS,

GRAZ.

Labels:
0 Helpful
1 Reply 1

vijkrish
Cisco Employee
Cisco Employee

‎06-10-2002 01:13 AM

http://www.cisco.com/warp/customer/110/38.html

shows simple PIX-PIX vpn setup that you describe. If things are not working when you setup as per the sample, please elaborate as to what exactly is not working (ie., need more info. than the mention "ipsec doesnt' work").

Do you see Phase1 SAs on both the PIX ?

Do you see Phase2 SAs on both the PIX ?

Do you see counters of encaps and encrypt increase on the sending PIX

when you do a show crypto ipsec sa ?

Do you see counters of decaps and decrypt increase on the receiving PIX ?

Please post those details to specifically see what exactly is not working.

Vijay.

0 Helpful
Customers Also Viewed These Support Documents